Dina Temple-Raston
From Recorded Future News and PRX, this is Click Here. It was supposed to be just another photograph, one of those forgettable shots taken in the Cabinet Room.
Mike Waltz
We've just completed what many consider to be the most successful first 100 days of any administration.
Dina Temple-Raston
But to someone who knows what to look for, it was a digital crime scene in plain sight.
Micah Lee
When you saw the photo of Waltz using Telemessage, where were you?
Unnamed Hacker
I mean, I think I actually saw it on Bluesky. I think I was just scrolling through Bluesky and people were, like, making fun of Mike Waltz for checking Signal messages on the day that he's getting demoted, basically.
Micah Lee
And while he's in a cabinet meeting.
Unnamed Hacker
And while he's in a cabinet meeting.
Dina Temple-Raston
I'm Dina Temple-Raston and this is Click Here's Mic Drop, a closer listen to one of our most revealing interviews of the week. And today we're unpacking the story behind that photo and what it accidentally exposed. A former national security advisor, a mysterious app, and a security lapse that may have given adversaries a front-row seat to U.S. government communications.
Unnamed Hacker
I looked at the image, I was looking at the people that he has conversations with, and I was like, wow, this is just absurd.
Dina Temple-Raston
At first glance, it looked like Signal, the encrypted messaging app favored by privacy hawks and intelligence pros. But what he was actually using was something else entirely.
Unnamed Hacker
It looks like he's using Signal. It's actually an app called TMSGNL, which I had never actually heard of before.
Dina Temple-Raston
Today we talk to Micah Lee, information security engineer, investigative journalist, and the kind of person who pauses on a pixelated screenshot the way most of us might pause on a headline.
Unnamed Hacker
That's when I was like, okay, I should really look into this.
Dina Temple-Raston
Stay with us.
Micah Lee
I'm Dina Temple-Raston, and this is Click Here's Mic Drop.
Dina Temple-Raston
TMSGNL is part of a suite of apps made by an Israeli company called TeleMessage. It was acquired by a US-based company called Smarsh last year.
Unnamed Hacker
It's basically, you know, almost exactly the same as Signal. They took the Signal code and then they just added some of their own code on top of it to do the archiving. But, like, you know, like 95% of the code is just straight the same as Signal code.
Dina Temple-Raston
But TMSGNL is not a Signal clone. It's designed to do something Signal never would: archive your messages. TMSGNL archives because it's used by a very specific audience: companies and agencies trying to stay on the right side of compliance laws. They're saving messages in case someone or some regulatory agency needs to access them later. So that's one big difference. Another is, unlike Signal, you can't just download TMSGNL.
Unnamed Hacker
It's not something that just anyone can go and install. It's not available in the, like, public app store or the Google Play Store. It's basically only available for companies or, you know, government agencies that specifically sign a contract.
Dina Temple-Raston
Yet on paper, that all sounds pretty reasonable. And Micah kind of put it out of his mind until he got this mysterious message from a hacker who had started to dig into this messaging app that Waltz was photographed using.
Unnamed Hacker
And it was actually kind of funny. I had, like, one person kind of quietly, like, send me a Signal message with a link to their website with the source code.
Dina Temple-Raston
It was open source on the Internet, not by accident, but on purpose.
Unnamed Hacker
And then, like, within the next few hours, I had like, two other people send me this link.
Dina Temple-Raston
Micah posted the open source code to GitHub, a kind of Google Docs for code that lets people store, share, and work together on software projects anywhere in the world. And then he published a blog post about this obscure Signal clone app that he'd never seen before. And that's when another message arrived.
Unnamed Hacker
Like, an anonymous hacker sent me a message and was like, I found a vulnerability in the TeleMessage website, like two hours later. Yeah. And the vulnerability that they found, it wasn't actually a vulnerability in the app itself. It was a vulnerability in the server that the app communicates with. I've been calling it the archive server.
Dina Temple-Raston
The hacker had started poking around TMSGNL's code and within 20 minutes had found a hole. And it wasn't just bad, it was catastrophic.
Unnamed Hacker
So these files that have a bunch of random stuff in memory, if you search for the word password, which is like the first thing that, that the hacker searched for, there was actually usernames and passwords, like just in the, in the memory dump.
Dina Temple-Raston
A memory dump from a server is like taking a snapshot of everything that server was thinking about at a specific moment in time. More technically, it captures the contents of a server's memory, or RAM. So that means it finds things like programs it's running, open files, passwords, data it's processing, and it all saves that to a file. The system does this when something goes wrong, like a crash, so the IT team can go back and analyze what the server was doing at the time. Think of it like freezing the scene of a crime so investigators can pore through the details later. And in one memory dump, the hacker found a huge stash of usernames and passwords that allowed him to log into the TeleMessage website as a user.
Unnamed Hacker
One of the first ones that they logged in as was Customs and Border Protection.
Dina Temple-Raston
But it wasn't just one username and password that he found. He saw lots of WhatsApp, Telegram, and Signal messages too.
Unnamed Hacker
Then they quickly realized that these memory dumps also contain plain text messages.
Dina Temple-Raston
Let me repeat that. Plain text messages, not encrypted. And the reason that's a little crazy is that the whole premise of an app like Signal is that once you hit send on your messages, they go out encrypted; only the receiver can read them. Imagine how troubling that would be if they were sent by someone like, say, Secretary of State Marco Rubio.
Micah Lee
And could they, like, look something up like, hey, Marco. And get the messages?
Unnamed Hacker
Yeah, and I was actually, like, trying to do stuff like that. So I had a hypothesis from looking through the source code that the, that TeleMessage wasn't actually end-to-end encrypted like they claimed, that the server had access to the plain text messages. I wasn't sure about this, but, like, looking through the source code, that's kind of what it looked like.
Dina Temple-Raston
And the timing of this TMSGNL story couldn't have been worse. We'll have more on that when we come back. Stay with us.
Dina Temple-Raston
Recorded Future News. This is Click Here. That photo in the Cabinet Room, of course, wasn't the first time Mike Waltz had found himself in hot water over his text messaging habits.
Mike Waltz
The White House has confirmed it inadvertently added a US journalist to a private group chat discussing classified plans to bomb Yemen.
Dina Temple-Raston
That was a Signal chat heard around the world because the Secretary of Defense, Pete Hegseth, decided to send the group real-time updates of a military operation. So when Waltz was caught in that photo using TMSGNL in a cabinet meeting just weeks later, well, it landed pretty hard. Though you could make the case that the TMSGNL episode is worse because its messages were sitting unencrypted in a regular server in Northern Virginia.
Unnamed Hacker
I think that most people who are using this app are expecting it to just be secure, right? Like, okay, I'm using Signal, that's secure and stuff. I'm going to add this thing on, which just gives us an archive of all of this. So that in my government agency, they have a secure file server somewhere that has a backup of all these messages.
Dina Temple-Raston
In fact, the archive server was hosted by Amazon Web Services in the same kind of cloud data center used by thousands of companies. So it was fine for a doggy daycare's billing system, not fine for messages about covert military ops.
Unnamed Hacker
It turns out what's actually happening is it's sending all of their messages to this very insecure server that has a bunch of security vulnerabilities, including debugging tools that were left on, and they just, they left this debugging setting on, on their production server.
Dina Temple-Raston
Let me explain. In development, engineers often install debug tools so they can watch what a system is doing, inspect the memory, log activity, all to catch bugs before they really matter. But when you move to production, the live version the public actually uses, you're supposed to turn those tools off, because if you don't and someone sends a server a request for data, it kind of spills its guts: that memory dump that we talked about before. And one of those dumps that the hacker asked for actually captured internal lobbying discussions from a crypto firm called Galaxy, just as they were trying to get a bill through Congress.
Unnamed Hacker
And the reason why those messages were there is because they happened to be sending those text messages at the exact same time that the hacker happened to get the memory dump.
Micah Lee
So if, for example, the hacker had happened to ask for a memory dump at the time, say they were adding a journalist to their chat messages, they might have seen all of that, too. Is that right?
Unnamed Hacker
Yeah.
Micah Lee
So they could have gotten lucky.
Unnamed Hacker
You know, maybe if Mike Waltz was texting with JD Vance or something like, if that happened, then that would be in the memory dump.
Dina Temple-Raston
And even if JD Vance wasn't using TMSGNL, didn't matter. Waltz was archiving the messages with the app on his end.
Unnamed Hacker
Even if JD Vance isn't using the same app, Waltz is uploading all of JD Vance's messages. And in, like, any Signal group that he's in with J.D. Vance, he's, like, Waltz's phone has been uploading those.
Dina Temple-Raston
All these damning things. This is just what one journalist and a hacker found in a single week. Which raises the question, what could an adversary do? Or rather, what has an adversary likely already been doing before the outside world discovered government officials were using TMSGNL?
Micah Lee
If I were an adversary, wouldn't I be just asking for memory dumps constantly?
Unnamed Hacker
Yes, absolutely. And I mean, it seems like most people in the public didn't really know about this company, didn't know its this kind of incredibly important role that it was playing in government communications. But I would be surprised if, you know, adversaries didn't know about this. I think it's very likely that US adversaries have looked into this company and have either found this vulnerability or other vulnerabilities and have been exploiting them for a while. Like that just seems quite likely to me.
Dina Temple-Raston
And to make matters worse, a couple of days after this first TMSGNL vulnerability was revealed, NBC reported that a different hacker had found another one.
Mike Waltz
The messaging app TeleMessage has suspended its services after hackers claimed to have breached it and stolen files.
Dina Temple-Raston
TeleMessage suspended its service. Senator Ron Wyden called for an investigation.
Unnamed Hacker
Senator Ron Wyden just published a letter urging the Attorney General to look into the serious threat to US national security posed by TeleMessage because, you know, White House staff and federal agencies have been using it. And so I think that, you know, I think it's very likely that the government is going to stop using TeleMessage.
Micah Lee
Are you still digging into this?
Unnamed Hacker
Yeah, I'm still digging into this. It will be great to know who in Trump's cabinet's using TeleMessage, but also just, like, what other government agencies are using TeleMessage. A lot of people are looking at this. I'm hoping that maybe people will share their findings with me too.
Dina Temple-Raston
The crazy thing is this didn't need to happen. There are systems they could have used, ones built for this exact purpose, ones with actual security baked in.
Unnamed Hacker
The NSA has developed systems for them to use securely. This is how the US government has been working with secret stuff for a really long time.
Dina Temple-Raston
But instead they went for a knockoff Signal clone with debug mode left on, for convenience or optics or because no one told them not to. So if you're wondering how a secure government app ends up leaking secrets, it's not always about sophisticated code or clever foreign adversaries. Sometimes it's just hubris and a really bad group chat. From Recorded Future News, this has been Click Here's Mic Drop. It was written and produced by Megan Dietrich, Sean Powers, Erica Gaeda, Zach Hirsch, Lucas Riley and me, Dina Temple-Raston. It was edited by Karen Duffin. We'll be back on Tuesday with an all new episode of Click Here. Have a great weekend.
Unnamed Promotion Host
Looking for more of the cybersecurity and intelligence coverage you get on Click Here? Then check out our sister publication, The Record from Recorded Future News. You'll get breaking cyber news from reporters in New York, Washington, London and Kyiv, among others. And you'll see for yourself why it attracts hundreds of thousands of page views every month. Just go to therecord.media.
Podcast Summary: "Mic Drop: Encrypted-ish: The Problems with a Signal Knockoff"
Click Here by Recorded Future News delves deep into a startling incident involving an insecure messaging app used by high-ranking U.S. government officials. In the episode titled "Mic Drop: Encrypted-ish: The Problems with a Signal Knockoff," released on May 16, 2025, host Dina Temple-Raston unpacks the vulnerabilities and implications of using an obscure messaging platform masquerading as the secure Signal app.
The episode opens with a seemingly innocuous photograph taken in the U.S. Cabinet Room. At first glance, it appears to capture Mike Waltz, a government official, engaged in a routine meeting. However, Dina Temple-Raston hints at a much more significant revelation:
"To someone who knows what to look for, it was a digital crime scene in plain sight." [00:28]
This sets the stage for uncovering the hidden security lapse behind the image.
The cornerstone of the episode revolves around the messaging app TMSGNL, presented as a secure alternative to Signal. Micah Lee, an information security engineer and investigative journalist, becomes the key figure in uncovering the truth.
"When you saw the photo of Waltz using Telemessage, where were you?" [00:34]
An unnamed hacker provides insight into public perception:
"I think I actually saw it on Bluesky... making fun of Mike Waltz for checking Signal messages on the day that he's getting demoted, basically." [00:40]
Dina elaborates on the initial confusion:
"At first glance, it looked like Signal... But what he was actually using was something else entirely." [01:34]
Micah Lee explores the technical intricacies of TMSGNL, clarifying that while it resembles Signal, there are critical differences:
"It's almost exactly the same as Signal. They took the Signal code and added some of their own code on top of it to do the archiving... 95% of the code is just straight the same as Signal code." [03:11]
However, unlike Signal, TMSGNL archives all messages to comply with regulatory requirements, making it unsuitable for confidential government communications.
"TMSGNL archives because it's used by a very specific audience... They’re saving messages in case someone or some regulatory agency needs to access them later." [03:33]
Moreover, TMSGNL isn't available to the general public, limiting its use to contracted companies and government agencies.
"It's basically only available for companies or... government agencies that specifically sign a contract." [04:08]
The plot thickens when Micah Lee receives a link to TMSGNL's source code from an anonymous source.
"I looked at the image... [and] then published a blog post... another message arrived." [05:00]
An anonymous hacker reveals a catastrophic vulnerability:
"I found a vulnerability in the TeleMessage website... it wasn't actually a vulnerability in the app itself. It was a vulnerability in the server that the app communicates with." [05:25]
Delving deeper, the hacker discovers unencrypted messages within memory dumps:
"These memory dumps... there was actually usernames and passwords... just in the memory dump." [05:59]
Dina translates the technical jargon:
"A memory dump from a server is like taking a snapshot of everything that server was thinking about at a specific moment in time... And in one memory dump, the hacker found a huge stash of usernames and passwords..." [06:13]
This revelation means that sensitive communications, presumed secure, were accessible in plain text, undermining the very premise of using encrypted messaging platforms.
"Plain text messages, not encrypted." [07:22]
The breach's timing couldn't have been worse, following another incident where Waltz was implicated in a compromised Signal chat discussing classified military operations.
"When Waltz was caught in that photo using TMSGNL in a cabinet meeting just weeks later... it landed pretty hard." [09:22]
Micah Lee emphasizes the potential for widespread exploitation:
"I would be surprised if... adversaries didn't know about this... very likely that U.S. adversaries have looked into this company and have either found this vulnerability or other vulnerabilities..." [12:52]
The situation escalates when Telemessage suspends its services following further breaches, prompting political action:
"Senator Ron Wyden just published a letter urging the Attorney General to look into the serious threat to U.S. national security posed by Telemessage." [13:36]
Dina Temple-Raston underscores the preventable nature of this security lapse:
"The crazy thing is this didn't need to happen. There are systems they could have used... ones with actual security baked in." [14:28]
The episode concludes by highlighting human error over sophisticated cyber attacks as the primary cause of the breach:
"Sometimes it's just hubris and a really bad group chat..." [14:48]
"Mic Drop: Encrypted-ish: The Problems with a Signal Knockoff" serves as a stark reminder of the vulnerabilities that can arise from seemingly minor oversights in digital security. The episode meticulously unpacks how government reliance on a flawed messaging app led to significant breaches, emphasizing the necessity for robust, vetted communication tools in safeguarding national security.
Listeners are left contemplating the balance between convenience and security, especially in high-stakes environments where the stakes are nothing short of national integrity.
Notable Quotes:
Dina Temple-Raston [00:28]: "To someone who knows what to look for, it was a digital crime scene in plain sight."
Unnamed Hacker [05:00]: "I had like, two other people send me this link."
Micah Lee [07:45]: "Really troubling if they were sent by someone like, say, Secretary of State Marco Rubio."
Dina Temple-Raston [14:48]: "Sometimes it's just hubris and a really bad group chat."